CVE-2018-8440 – Task Scheduler ALPC Zero-Day Exploit in the Wild

Credit to Author: Sameer Patil| Date: Wed, 12 Sep 2018 13:30:14 +0000

Estimated reading time: 1 minuteThe recent zero-day vulnerability CVE-2018-8440 in Windows Task Scheduler enables attackers to perform a privilege elevation on targeted machines. Microsoft has released a security advisory CVE-2018-8440 on September 11, 2018 to address this issue. According to Microsoft, successful exploitation of this vulnerability could run arbitrary code in the security context of the local system. About the vulnerability CVE-2018-8440 is a local privilege escalation vulnerability in the Windows Task Scheduler’s Advanced Local Procedure Call (ALPC) interface. The ALPC endpoint in Windows task scheduler exports the SchRpcSetSecurity function, which allows us to set an arbitrary DACL without checking permissions. Exploiting the vulnerability ultimately allows a local unprivileged user to change the permissions of any file on the system. The exploit code release was announced on twitter, on 27th August 2018, by a security researcher who goes with the handle “SandboxEscaper”.  Within days, PowerPool malware was found using the exploit to infect users. Vulnerable versions Windows 7 Windows 8.1 Windows 10 Windows Server 2008, 2012 and 2016 Quick Heal detection Quick Heal has released the following detection for the vulnerability CVE-2018-8440: Trojan.Win64 Trojan.IGeneric Quick Heal Security Labs is actively looking for new in-the-wild exploits for this vulnerability and ensuring coverage for them. References https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8440 Subject Matter Experts Sameer Patil | Quick Heal Security Labs The post CVE-2018-8440 – Task Scheduler ALPC Zero-Day Exploit in the Wild appeared first on Quick Heal Blog | Latest computer security news, tips, and advice.
http://blogs.quickheal.com/feed/